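/**
 * Round-trips a signed AuthnRequest through XML and checks that the signature verifies.
 *
 * The request is signed with the SP key pair, serialized, written to a scratch file,
 * read back, deserialized into a fresh AuthnRequest, and its signature is validated
 * against a public key built from the certificate file on disk.
 *
 * NOTE(review): the signing key is read from a path under a `web/` directory. Confirm
 * that this is a throwaway test fixture and that the directory is not reachable through
 * a web server, since anyone holding this key can sign requests as this SP entity.
 */
public function test__signed_serialize_deserialize()
{
    $certificate = new X509Certificate();
    $certificate->loadFromFile(__DIR__ . '/../../../../../../web/sp/saml.crt');
    // presumably the third argument marks the first one as a file path; verify against KeyHelper
    $privateKey = KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../web/sp/saml.key', null, true);

    // Fixed ID and IssueInstant keep the serialized document stable between runs.
    $authnRequest = new AuthnRequest();
    $authnRequest->setID('_894da3368874d2dd637983b6812f66c444f100f205');
    $authnRequest->setIssueInstant('2015-09-13T11:47:33Z');
    $authnRequest->setDestination('https://idp.testshib.org/idp/profile/SAML2/POST/SSO');
    $authnRequest->setIssuer((new Issuer())->setValue('https://mt.evo.loc/sp')->setFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:entity'));
    $authnRequest->setSignature(new SignatureWriter($certificate, $privateKey));

    $serializationContext = new SerializationContext();
    $authnRequest->serialize($serializationContext->getDocument(), $serializationContext);

    $temporaryFilename = tempnam(sys_get_temp_dir(), 'lightsaml-');
    $this->assertNotFalse($temporaryFilename, 'Could not create a temporary file');
    $serializationContext->getDocument()->save($temporaryFilename);
    $xml = file_get_contents($temporaryFilename);
    // Delete the scratch file before any assertion can abort the test and leave it in the temp dir.
    unlink($temporaryFilename);
    $this->assertNotFalse($xml, 'Could not read the serialized document back');

    $deserializationContext = new DeserializationContext();
    $deserializationContext->getDocument()->loadXML($xml);

    $authnRequest = new AuthnRequest();
    $authnRequest->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);

    $signatureReader = $authnRequest->getSignature();
    if (!$signatureReader instanceof SignatureXmlReader) {
        throw new \LogicException('Expected Signature Xml Reader');
    }

    // The verification key comes from the certificate file, not from anything carried
    // inside the deserialized message, so a signature made with another key must fail here.
    $certificate = new X509Certificate();
    $certificate->loadFromFile(__DIR__ . '/../../../../../../web/sp/saml.crt');
    $key = KeyHelper::createPublicKey($certificate);

    $ok = $signatureReader->validate($key);
    $this->assertTrue($ok);
}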
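/**
 * Sends an AuthnRequest through the HTTP-Redirect binding and inspects the redirect URL.
 *
 * Checks that one BINDING_MESSAGE_SENT event carrying the AuthnRequest XML is dispatched,
 * that the redirect targets the expected destination, that the query string carries
 * SAMLRequest, RelayState, SigAlg and Signature with the recorded values, and that the
 * SAMLRequest parameter inflates back into a request with the same ID and issue instant.
 *
 * NOTE(review): the Signature parameter is only compared with a recorded constant; nothing
 * here verifies it with the public key over the signed query string. The recorded constants
 * presumably depend on the fixture built by getAuthnRequest() and on the signing key; confirm.
 */
public function test__send_authn_request()
{
    $expectedRelayState = 'relayState';
    $expectedDestination = 'https://destination.com/auth';

    $request = $this->getAuthnRequest();
    $request->setRelayState($expectedRelayState);
    $request->setDestination($expectedDestination);

    $binding = new HttpRedirectBinding();

    $eventDispatcherMock = $this->getEventDispatcherMock();
    $eventDispatcherMock->expects($this->once())
        ->method('dispatch')
        ->willReturnCallback(function ($name, GenericEvent $event) {
            $this->assertEquals(Events::BINDING_MESSAGE_SENT, $name);
            $this->assertNotEmpty($event->getSubject());
            // The event subject is expected to be the serialized message itself.
            $doc = new \DOMDocument();
            $doc->loadXML($event->getSubject());
            $this->assertEquals('AuthnRequest', $doc->firstChild->localName);
        });

    $binding->setEventDispatcher($eventDispatcherMock);
    $this->assertSame($eventDispatcherMock, $binding->getEventDispatcher());

    $messageContext = new MessageContext();
    $messageContext->setMessage($request);

    /** @var RedirectResponse $response */
    $response = $binding->send($messageContext);

    $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $response);

    $url = $response->getTargetUrl();
    $this->assertNotEmpty($url);

    $urlInfo = parse_url($url);
    $this->assertEquals($expectedDestination, $urlInfo['scheme'] . '://' . $urlInfo['host'] . $urlInfo['path']);

    $query = array();
    parse_str($urlInfo['query'], $query);

    $this->assertArrayHasKey('SAMLRequest', $query);
    $this->assertArrayHasKey('RelayState', $query);
    $this->assertArrayHasKey('SigAlg', $query);
    $this->assertArrayHasKey('Signature', $query);

    $this->assertEquals('RY/NCsIwEITvPkXI3TaptY3BKkIvBb2oePAiMUmxYBPtbsXHdxFEGBgY5tuf5frd39nLD9DFUHGZCL5eTZabEW9h75+jB2TUCFDxcQg6GuhAB9N70Gj1YbPb6iwR+jFEjDbeOWvqil+Us7ZYqHlbuEU7IxfXq8vnReZblSvfzowvlVOlKzk7/XbTHMIBRt8EQBOQIiHzqZCko8y0EKQzZzUd1QWDX+qG+ACdpu4fJjb2qaEPeLqafAA=', $query['SAMLRequest']);
    $this->assertEquals($expectedRelayState, $query['RelayState']);
    // NOTE(review): this pins an RSA-SHA1 signature algorithm. SHA-1 is deprecated for
    // signatures; if the default moves to rsa-sha256, this value and the recorded
    // Signature below have to be regenerated together.
    $this->assertEquals('http://www.w3.org/2000/09/xmldsig#rsa-sha1', $query['SigAlg']);
    $this->assertEquals('tm8dkiHro6oQkvleMAeAIWOLGKn116VVs/lRM+QpeR3YuKCjXcNFhI4xIunGYhfF+f2Li0GNdh6PqoyX3YVd7KVbm5hDTstJwx+PRYzMiBqwNMB5wCTtbZMiBiYbCT28ANU9ObWnYXbfKVNQJq/z8Uj2PFPXr+gVy30ttIXlHFKmGnYAwrlTEEYRDZ4clJ2tNEIxHZwwqHuPy1sd2xdWT8uKHJeRxTbvF2Vzw6ytzFeyQBIIPy/lk46czhi5a8uOb89y0XrDgSqHlwv2Vk/a5iWdYla235vWjAfuKSj6wD9Z0PnyNVPxlCl4B2bnRCWq1XBzYwsS12RYvd0vhO8DEA==', $query['Signature']);

    // The parameter is base64 over a raw DEFLATE stream. Decode strictly and fail with a
    // clear message instead of handing `false` to loadXML().
    $deflated = base64_decode($query['SAMLRequest'], true);
    $this->assertNotFalse($deflated, 'SAMLRequest is not valid base64');
    $xml = gzinflate($deflated);
    $this->assertNotFalse($xml, 'SAMLRequest could not be inflated');

    $context = new DeserializationContext();
    $context->getDocument()->loadXML($xml);

    $receivedAuthnRequest = new AuthnRequest();
    $receivedAuthnRequest->deserialize($context->getDocument()->firstChild, $context);

    $this->assertEquals($request->getID(), $receivedAuthnRequest->getID());
    $this->assertEquals($request->getIssueInstantTimestamp(), $receivedAuthnRequest->getIssueInstantTimestamp());
}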